@ahoog42
Created April 13, 2017 18:31
# Setup rsync to Ubuntu Server 16.10 (Digital Ocean)
## setup ssh on server and client
### on server
#### add new user, add to sudo group
adduser non-root-user
usermod -aG sudo non-root-user (gpasswd -a non-root-user sudo)
sudo apt-get install ssh
And secure sshd - https://thepcspy.com/read/making-ssh-secure/
- sudo apt-get install fail2ban
In /etc/ssh/sshd_config
- Port 22 -> Port 942 ???
- PermitRootLogin no
- PasswordAuthentication no
- ChallengeResponseAuthentication no
- UsePAM no???
sudo service ssh restart
## setup non-sudo backup user (server)
sudo adduser --disabled-password bkup
sudo mkdir /home/bkup/.ssh
sudo touch /home/bkup/.ssh/authorized_keys
sudo chmod 700 /home/bkup/.ssh
sudo chmod 600 /home/bkup/.ssh/authorized_keys
sudo chown -R bkup:bkup /home/bkup/.ssh
### client
#### macOS / OS X
already installed.
###### create new key-pair with no passphrase (client)
ssh-keygen -f ~/.ssh/id_backup -C "user-gmail-com"
ssh-copy-id -i ~/.ssh/id_backup bkup@192.168.1.2 (won't work, manually move over for now)
## launchd monitoring when file changes
vim ~/Library/LaunchAgents/io.nopanic.backup.plist
### setup rrsync
sudo -s
gunzip /usr/share/doc/rsync/scripts/rrsync.gz -c > /usr/local/bin/rrsync
exit
sudo chmod 755 /usr/local/bin/rrsync
sudo chown root:root /usr/local/bin/rrsync
sudo mkdir -p /var/backup/user-gmail-com
sudo chown bkup:bkup /var/backup/user-gmail-com
sudo vim /home/bkup/.ssh/authorized_keys
command="/usr/local/bin/rrsync /var/backup/user-gmail-com/",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-rsa AAAA[... your full pubkey here...]
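
Added example, not part of the original gist: a POSIX sh check that an authorized_keys entry carries the forced rrsync command and the no-* options from the line above (or sshd's `restrict` shorthand). The function names and the placeholder key blobs are assumptions made for illustration.

```shell
# Added example: audit authorized_keys lines for the rrsync restrictions.
# Key blobs below are constructed placeholders, not real keys.

# Print the options field: everything before the first unquoted space.
# Prints an empty line when the entry starts directly with a key type.
key_options() {
    printf '%s\n' "$1" | awk '{
        if ($0 ~ /^(ssh-|ecdsa-|sk-)/) { print ""; exit }
        inq = 0; out = ""
        for (i = 1; i <= length($0); i++) {
            c = substr($0, i, 1)
            if (c == "\"") inq = !inq
            if (c == " " && !inq) break
            out = out c
        }
        print out
    }'
}

# audit_key_line LINE DIR: print "ok" and return 0 when LINE forces rrsync
# on DIR and disables forwarding, pty and ~/.ssh/rc; otherwise print the
# missing restrictions and return 1.
audit_key_line() {
    opts=$(key_options "$1")
    dir=${2%/}
    problems=""
    case "$opts" in
        *"command=\"/usr/local/bin/rrsync $dir\""* | \
        *"command=\"/usr/local/bin/rrsync $dir/\""*) ;;
        *) problems="forced-rrsync-command" ;;
    esac
    # Drop quoted values so text inside command="..." cannot satisfy a flag check.
    flags=",$(printf '%s\n' "$opts" | sed 's/"[^"]*"//g'),"
    case "$flags" in
        *,restrict,*) ;;  # sshd shorthand that turns all restrictions on
        *) for o in no-agent-forwarding no-port-forwarding no-pty \
                    no-user-rc no-X11-forwarding; do
               case "$flags" in *",$o,"*) ;; *) problems="$problems $o" ;; esac
           done ;;
    esac
    if [ -z "$problems" ]; then echo ok; return 0; fi
    echo "missing:${problems:+ }${problems# }"
    return 1
}

GOOD='command="/usr/local/bin/rrsync /var/backup/user-gmail-com/",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-rsa AAAAPLACEHOLDER bkup'
BARE='ssh-rsa AAAAPLACEHOLDER bkup'
audit_key_line "$GOOD" /var/backup/user-gmail-com
audit_key_line "$BARE" /var/backup/user-gmail-com || true
```

A bare key line like `BARE` gives the bkup account an unrestricted shell, which is the case this check is meant to catch.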
## backup (client)
vim /usr/local/bin/bkup.sh
#!/bin/sh
BACKUP_SERVER=192.168.1.2
USER=bkup
FILE=~/some/file
# rrsync on the server confines the destination "/" to the backup directory
rsync -avz --rsync-path='rsync --server --fake-super' --rsh='ssh -i ~/.ssh/id_backup' "$FILE" "$USER@$BACKUP_SERVER:/"
chmod 755 /usr/local/bin/bkup.sh
vim ~/Library/LaunchAgents/io.nopanic.backup.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>io.nopanic.backup</string>
<key>ProgramArguments</key>
<array>
<string>/usr/local/bin/bkup.sh</string>
</array>
<key>StartCalendarInterval</key>
<dict>
<key>Minute</key>
<integer>1</integer>
</dict>
<key>StandardErrorPath</key>
<string>/tmp/sync.err</string>
<key>StandardOutPath</key>
<string>/tmp/sync.log</string>
</dict>
</plist>
launchctl load ~/Library/LaunchAgents/io.nopanic.backup.plist
does this survive a reboot? yes